- Subscribe to RSS Feed
- Mark Thread as New
- Mark Thread as Read
- Float this Thread for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Until Weebly makes SSL available in the Pro Plans it appears that both Chrome and Firefox will generate a "Security Alert" when using the Weebly "Password Protect" option!!
Users selecting a protected page will see the following when the log-in page loads...
Google Chrome
Firefox
Does any Mod have any update regarding the provision of SSL for Pro Plans?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
I don't have any update yet, unfortunately. I wasn't aware that our password protection was defaulting to SSL on non-business sites, though. Let me see what I can find out about this, @NJRFTF.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Adam - it's not defaulting to SSL - Google Chrome and now Firefox as well are moving to a mores secure web...
"Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Oh, so you changed it to https manually? We're definitely working on changes as a result of Google and other browsers, so I don't expect things to stay as they are now.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
No - I didn't change anything!!
Here's alink to a blank page that I have put a weebly password on - it is on Pro plan and is a regular HTTP page with of course no SSL.
http://www.njrunforthefallen.org/401/login.php?redirect=/browser-check.html
Try opening that page with the latest Firefox and Chrome browsers and you will see the "not secure" warnings - Chrome in the browser bar and Firefox in the log-in box!!
EVERY weebly password protected page on every weebly website (except Business plans that have implimented SSL) will show the "Not Secure" warnings on the latest Chrome and Firefox versions when served as HTTP. The browser is detecting the presence of any form field that is either a password field or Credit Card field and will then display the warning...
Here's the Chrome Console warning
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Ahh! Check the settings you have in Chrome/FireFox and see if it has something that tells it to always use HTTPS.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Adam - this has nothing to do with a "user" option - this is down to the "host" - please read this extract from Google Developers: https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn
Resolve warnings
To ensure that the Not Secure warning is not displayed for your pages, you must ensure that all forms containing <input type=password> elements and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS.
Warning: It is NOT sufficient to place an HTTPS iframe inside a HTTP page; the top-level page itself must be HTTPS as well.
If your site overlays an HTTPS login frame over HTTP pages...
...you will need to change the site to either use HTTPS for the entire site (ideal) or redirect the browser window to an HTTPS page containing the login form:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
I updated my version of Chrome and saw what you mean. Chrome is basically saying that the page isn't secure even though it's not even attempting to load over SSL; including a password field on a page is all it takes now.
I'm going to send you a PM about this, @NJRFTF - one moment.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Exactly - and they are aiming soon to simply apply the insecure warning to every page served HTTP regardless of content...
Read your PM - thank you very much for the assistance Adam....
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
So glad I checked in and read this!
Am I correct in stating that this WILL affect every page not having SSL? If not, I apologize. I am wondering if this will be taken care of for all Weebly accounts.
@Adam- Can you answer that one for me, please?
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
So glad I checked in and read this!
Am I correct in stating that this WILL affect every page not having SSL? If not, I apologize. I am wondering if this will be taken care of for all Weebly accounts.
@Adam- Can you answer that one for me, please?
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Every password-protected page, or just every page in general? I do expect this resolved once we have a solution in place to provide SSL for non-business sites.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
@Adam wrote:Every password-protected page, or just every page in general? I do expect this resolved once we have a solution in place to provide SSL for non-business sites.
Adam - Sorry! I re-read the statement that was released and understand it now. Must have needed more coffee the first time. Thanks.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
That's ok! I pretty much always need more coffee.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report